package shiro.sso.chapter01.Reaml;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.cas.CasRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import shiro.sso.chapter01.entity.User;
import shiro.sso.chapter01.service.UserServiceImpl;

import javax.annotation.PostConstruct;

/**
 * Created by Admin on 2018/12/27
 */
public class MyShiroCasRealm extends CasRealm {

    @Autowired
    UserServiceImpl userService;

    private static final Logger logger = LoggerFactory.getLogger(MyShiroCasRealm.class);

    @Value("${cas.server-url}")
    public String casServerUrlPrefix;

    @Value("${cas.service}")
    public String shiroServerUrlPrefix;

    @PostConstruct
    public void initProperty() {
        // cas server地址
        setCasServerUrlPrefix(casServerUrlPrefix);
        // 客户端回调地址
        setCasService(shiroServerUrlPrefix + "/cas");
    }

    /**
     * 1、CAS认证 ,验证用户身份
     * 2、将用户基本信息设置到会话中(不用了，随时可以获取的)
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
        AuthenticationInfo authc = super.doGetAuthenticationInfo(token);

        String username = (String) authc.getPrincipals().getPrimaryPrincipal();
        QueryWrapper<User> qw = new QueryWrapper();
        qw.eq("username", username);
        User user = userService.getOne(qw);
        if (null == user) {
            throw new UnknownAccountException("该账户不存在");
        }
        //将用户信息存入session中
        SecurityUtils.getSubject().getSession().setAttribute("user", user);
        return authc;

    }

    /**
     * 权限认证，为当前登录的Subject授予角色和权限
     * 本例中该方法的调用时机为需授权资源被访问时
     * 并且每次访问需授权资源时都会执行该方法中的逻辑，这表明本例中默认并未启用AuthorizationCache
     * 如果连续访问同一个URL（比如刷新），该方法不会被重复调用，Shiro有一个时间间隔（也就是cache时间，在ehcache-shiro.xml中配置），超过这个时间间隔再刷新页面，该方法会被执行
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        return null;
    }
}
